Security certificates may be used by computer systems to authenticate and encrypt data transmitted to and from the system. A security certificate may define some level of trust that a client device may have in a system or server that has such a certificate. The level of trust in a certificate may be verified by various manners by the organization that issues a certificate, sometimes referred to as a certification authority.
In general, trusted security certificates that are used for two-way authentication are not usually delivered over a network to an unauthenticated device. In many cases, a certificate issuer may use a secondary channel, such as through postal mail, currier, or some other mechanism to ensure that the certificate is delivered to the actual person or organization that requested the certificate. The secondary channel may be the mechanism by which authentication of the issued certificate is verified.
In a typical use scenario, a trusted security certificate may be used for one-way authentication. For example a website on the Internet may have a trusted security certificate that may authenticate the website so that consumers may feel comfortable making a purchase or performing other actions with the website.